
The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.

Just a lvl 27 guy from 🇫🇮 Finland. Full-stack web developer and Scrum Master by trade, but more into server-side programming, networking, and sysadmin stuff.
During the summer, I love trekking, camping, and going on long hiking adventures. Also somewhat of an avgeek and a huge Lego fanatic.
That's reassuring to know. What I don't understand is why you have the /api/v3/post/like/list route. You say you don't want votes to be snooped on, but then you add an endpoint that makes it very easy for instance admins to do exactly that if they choose to? Also worth pointing out that the tool linked here wouldn't work in its current form if this route didn't exist.
Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn't help, it just causes chaos until the people who do the actual work can figure out a solution.
This comparison is not fair at all. It's not like the devs are unaware of this. They could start by removing the API endpoint that lists a post's votes, but they haven't, which means they seem to think it's okay for the instance admins to snoop on votes if they so wish.
Seems to be gradual rollout as usual. I don't see that option in the latest app version
Oh, I agree. This change will affect all CAs however. And their post seemed to contain the most amount of information.
I like that metaphor, I'm gonna save it. And agreed, there's going to be issues with legacy systems.
Luckily, at my current job, all of our outside-facing legacy services already go through an SSL terminating reverse proxy. And we then use self-signed certs with much longer validity for internal traffic where needed.
TLS Certificate Lifetimes Will Officially Reduce to 47 Days (in 2029)
The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.
As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.
What's everyone's opinion on this? I think from a security standpoint their reasoning is valid and in many cases it's very easy to automate the renewal with ACME or something else. But there's likely gonna be legacy stuff still around in 2029 that won't be easy to automate.
Their official English party name used to be 'True Finns' but at some point someone probably figured out that sounds a bit elitist; Like everyone not supporting them is not a true Finn?
Luckily, the far-right here in Finland is less extreme than some of their counterparts in Europe. Finns Party members aren't literal Nazis (or at least most of them aren't), and some media outlets, including Yle, usually refuse to label them as far-right at all. Personally, I'm of the opinion that in the context of the Nordics, being far-right doesn't necessarily mean you're a full-blown Nazi and that's why I editorialized the title a bit.
Finland votes: Social Democrats take the win as Finns Party (far-right) support collapses
Finland headed to the polls on Sunday to elect thousands of councillors in a range of local and regional bodies.
The Social Democrats took a big win in the municipal elections, taking nearly one in four votes nationwide to push the National Coalition Party of Prime Minister Petteri Orpo into second place.
In the county council elections, for 21 regional bodies that arrange social and healthcare outside Helsinki, the SDP also topped the poll. The Centre Party recorded a good result in its rural heartlands to secure third spot.
Government parties did poorly, with all but the NCP losing support compared to the previous municipal elections in 2021. Turnout in the municipal election was 54.2 percent, while the county elections saw 51.7 percent of eligible voters cast their ballots.
The dual vote for municipal and county councils caused logistical issues for election officials, with counting slower than usual for Finland, where large numbers vote in advance and results are usually clea
I think most guesses in this thread are a bit on the low side. I say $48.50.
Seems to be a CORS issue. A GET request to https://discuss.tchncs.de/pictrs/image/2254acd7-9ce1-4b07-b334-15631f2847e2.png is correctly responded to with a single Allow-Origin header:
Access-Control-Allow-Origin: *
However, the problem occurs when a browser makes that request. It adds an Origin header (for example, Origin: https://aeharding.github.io/ in this case), and then the server responds with two Allow-Origin headers, which is invalid:
access-control-allow-origin: https://aeharding.github.io/
Access-Control-Allow-Origin: *
(Note the different capitalization.)
Ignoring that, it also seems that the server does not support the Range header. Requesting the same image with the header:
Range: bytes=0-1
returns the full image instead of the requested partial content. This effectively means that while video/audio files hosted on this instance will play, features like fast forwarding won't work properly. This is something @[email protected] will probably want to take a look at some point.
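The two checks described in the comment above, as an added example that is not part of the original comment: it parses a raw response head, counts Access-Control-Allow-Origin headers case-insensitively, and flags a Range request that was not answered with 206 and Content-Range. The response strings and the function names are constructed for illustration.

```python
# Added example: constructed responses, not captured traffic.
PLAIN = ("HTTP/1.1 200 OK\r\n"
         "Content-Type: image/png\r\n"
         "Access-Control-Allow-Origin: *\r\n\r\n")
BROWSER = ("HTTP/1.1 200 OK\r\n"
           "content-type: image/png\r\n"
           "access-control-allow-origin: https://aeharding.github.io/\r\n"
           "Access-Control-Allow-Origin: *\r\n\r\n")


def parse_head(raw):
    """Return (status_code, [(name, value), ...]) from a raw response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return status, headers


def audit(raw, sent_range=False):
    """List findings for duplicate CORS headers and ignored Range requests."""
    status, headers = parse_head(raw)
    findings = []
    # Header names are case-insensitive, so differently capitalised copies
    # are still two instances of the same header.
    acao = [v for n, v in headers if n.lower() == "access-control-allow-origin"]
    if len(acao) > 1:
        findings.append("duplicate Access-Control-Allow-Origin: " + " | ".join(acao))
    if sent_range:
        has_content_range = any(n.lower() == "content-range" for n, _ in headers)
        # A server that honours Range answers 206 with a Content-Range header.
        if status != 206 or not has_content_range:
            findings.append(f"Range ignored: status {status}")
    return findings


if __name__ == "__main__":
    print(audit(PLAIN))
    print(audit(BROWSER, sent_range=True))
```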
For me accessing that site in Firefox on Windows (even with uBO) does trigger the scam popup, but in any other browser I tried (Edge, Chrome, FF dev edition), it doesn't. Kinda interesting.
The popup does not manage to add anything to the clipboard. There are tons of JS errors in the console, so luckily the thing seems to be pretty broken right now.
I think Microsoft should add a warning before allowing pasting into the Run dialog for the first time. Similarly like they already have in Edge's console
Drawing. And maybe some calligraphy. I take shifts at the local cafeteria during summers and we have a markerboard thingy outside to display our opening hours, daily special discounts and whatnot. I've seen others write on it with beautiful lettering and then decorating it with cool doodles. I tried it once and let's just say it didn't turn out well...
!lemmySilver
Just testing does it still count if the comment contains other text after the command. It's not immediately clear from the instructions how that works.
Someone else just brings the stuff to me? In that case, definitely the clothes. I hate shopping for them, it's always such a chore, even if you don't care about style and just want high-quality, comfortable ones.
Is there a similar bot on Lemmy?
I'm probably being a dum-dum but what's the joke here? I don't get it
They can include runnable JavaScript too, which can cause vulnerabilities in certain contexts. One example from work some years back: We had a web app where users could upload files, and certain users could view files uploaded by others. They had the option to download the file or, if it was a file type that the browser could display (like an image or a PDF), the site would display it directly on the page.
To prevent any XSS (scripts from user-provided files), we served all files with the CSP sandbox header, which prevents any scripts from running. However, at the time, that header broke some features of the video player on certain browsers (I think in Safari, at least), so we had to serve some file types without the header. Mistakenly, we also included image files in the exclusion, as everyone thought image files couldn't contain scripts. But the MIME type for SVG files is image/svg+xml... It was very embarrassing to have such a simple XSS vuln flagged in a security audit.
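The header mistake described in the comment above, as an added example that is not the commenter's code: a prefix-based exemption that lets image/svg+xml skip the sandbox, next to a version that sandboxes by default and exempts only exact video types. The function names, the exempt list and the nosniff header are assumptions made for this sketch.

```python
# Added example; names and the exempt list are hypothetical.
SANDBOX = ("Content-Security-Policy", "sandbox")
NOSNIFF = ("X-Content-Type-Options", "nosniff")  # extra hardening, not from the comment

# Assumed: the only types whose player needed the sandbox lifted.
EXEMPT_EXACT = {"video/mp4", "video/webm"}


def headers_flawed(mime):
    """Exempts whole top-level types, so every image/* subtype skips the sandbox."""
    major = mime.split("/", 1)[0].strip().lower()
    if major in ("video", "image"):
        return []
    return [SANDBOX]


def headers_fixed(mime):
    """Sandbox by default; lift it only for an exact, normalised MIME type."""
    # Drop parameters such as "; charset=utf-8" and compare case-insensitively.
    base = mime.split(";", 1)[0].strip().lower()
    if base in EXEMPT_EXACT:
        return [NOSNIFF]
    return [SANDBOX, NOSNIFF]


def unsandboxed(policy, mimes):
    """Return the MIME types that a policy would serve without the sandbox."""
    return [m for m in mimes if SANDBOX not in policy(m)]


if __name__ == "__main__":
    uploads = ["image/png", "image/svg+xml", "application/pdf",
               "video/mp4", "IMAGE/SVG+XML; charset=utf-8"]
    print("flawed:", unsandboxed(headers_flawed, uploads))
    print("fixed: ", unsandboxed(headers_fixed, uploads))
```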
Might be an unpopular opinion but after around two hours of gameplay I'm perfectly happy with the performance on my 3060Ti. On medium-high settings it can easily maintain 60fps on 1440p. That is with DLSS of course and ray tracing turned down to minimum.
My use case is a bit different than yours but still worth mentioning, I think; I have Sharry running in Docker and it makes sharing and receiving files super easy. All downloads and uploads are resumable so they work well even in unstable networks.
National Coalition Party candidate Alexander Stubb is set to become Finland's next president on 1 March, beating independent candidate Pekka Haavisto, backed by a voters' association and the Green party.
National Coalition Party candidate Alexander Stubb is set to become Finland's next president on 1 March, beating independent (but supported by the Greens) candidate Pekka Haavisto.
I voted for Haavisto but think that Stubb will be an excellent president too. They both are very experienced in foreign policy, pro-EU and very strong supporters of Ukraine. In fact, the press had to dig real hard to find any differences between them, the most major one being their stance on how Finland should respond (to a very theoretical situation) if NATO wanted to store nuclear weapons in Finland or transport them via our territory.